500+ npm Packages Poisoned in Shai-Hulud Worm Attack


In mid-September 2025, the Shai-Hulud worm triggered one of the most severe supply chain compromises in the npm ecosystem to date. More than 500 npm packages – including widely used libraries like @ctrl/tinycolor and several CrowdStrike-maintained packages – were poisoned with malicious code. The attack featured worm-like propagation, credential theft across major cloud providers, and data exfiltration via public GitHub repositories. Its scale and stealth make it a defining moment in modern supply chain security.

Severity: High

Timeline

  • September 14, 2025 (UTC 17:58) – First compromises observed on npm (rxnt-authentication, json-rules-engine-simplified).
  • September 14–16, 2025 – Multiple bursts of malicious publishes; by the end, 500+ packages compromised across different maintainers.
  • September 16, 2025 – Largest wave included nearly 100 CrowdStrike npm packages.
  • September 17, 2025 – Research confirmed at least 37 developers and 15+ companies were impacted, with hundreds of GitHub repos forcibly exposed.

Attack Chain & Malware Behavior

1. Initial Injection

  • Attackers modified package.json to insert a malicious postinstall script.
  • This executed a Webpack-bundled payload (bundle.js, ~3.6MB) during installation.

2. System & Credential Harvesting

  • Used TruffleHog to scan local file systems.
  • Extracted AWS, GCP, Azure, GitHub, and npm tokens from process.env, config files, and cloud metadata endpoints.

3. Persistence via GitHub Actions

  • Deployed a workflow file .github/workflows/shai-hulud-workflow.yml.
  • This ensured continuous secret exfiltration every time a repository pipeline ran.

4. Data Exfiltration

  • Stolen secrets aggregated into JSON payloads.
  • Uploaded to attacker-created public GitHub repos titled “Shai-Hulud Migration” or “Shai-Hulud Repository.” Over 700 such repos were observed.

5. Self-Propagation

  • Worm queried npm registry to list packages by a maintainer.
  • Force-published infected updates to all of them, creating cascading compromises across ecosystems.

Scale Of Impact

  • Packages: Over 500 npm packages, including critical libraries (@ctrl/tinycolor, @ctrl/deluge, @crowdstrike/foundry-js, @art-ws/*).
  • Organizations: Confirmed companies affected include CrowdStrike, nStudio, ASN Bank, Aplos, Brightback, Klarrio, Kodelabs, OpenLoop Health, Yoobic, Mobioffice and others.
  • Repositories: At least 207 repos linked to 37 unique developers were exposed. Many were forced public, leaking corporate code and credentials.

Recommendations

If you use any of the affected packages, take these actions immediately:

1. Identify & Remove Compromised Packages

  • Check for affected packages in your project (@ctrl/tinycolor, @crowdstrike/, @art-ws/, etc.).
  • Remove compromised versions and replace with known-good releases.
  • Search for malicious bundle.js by hash:
    • find . -type f -name "*.js" -exec sha256sum {} \; | grep "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09"

2. Clean Infected GitHub Repositories

  • Remove backdoor workflows: rm -f .github/workflows/shai-hulud-workflow.yml
  • Look for suspicious branches: git ls-remote --heads origin | grep shai-hulud
  • Delete malicious branches: git push origin --delete shai-hulud

3. Rotate all potentially exposed secrets immediately:

  • npm tokens (automation & publish tokens)
  • GitHub personal access tokens & repo secrets
  • SSH keys used for Git operations
  • AWS IAM credentials, access keys, session tokens
  • Google Cloud service account keys & OAuth tokens
  • Azure service principal credentials & tokens
  • API keys in environment variables
  • Database connection strings
  • Secrets from AWS Secrets Manager & GCP Secret Manager
  • CI/CD pipeline tokens & third-party service credentials

4. Cloud Infrastructure Audit

AWS

  • Review CloudTrail logs for suspicious secret access: BatchGetSecretValue, ListSecrets, GetSecretValue
  • Generate and review IAM credential reports for: new access keys, unusual authentication patterns, privilege escalations

GCP

  • Review Audit Logs for abnormal use of @google-cloud/secret-manager.
  • Look for unauthorized service account key creation.
  • Flag repeated or unexpected secret enumerations.

5. Package & Dependency Hygiene

  • Rollback to known-good versions of affected packages.
  • Rebuild environments from verified clean dependencies.
  • Enable package integrity verification (npm ci with lockfiles, checksum validation).

6. Block the IOCs at their respective controls

https://www.virustotal.com/gui/collection/f1075aabcd504ecd2c3e52307b0a16ac0139ccee851adf6fc7b320c9ded4b6a6/iocs

Sources:

  • https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
  • https://www.upguard.com/breaches/identifying-companies-affected-by-the-shai-hulud-npm-supply-chain-attack
  • https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised
  • https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again

Ampcus Cyber